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(57) Abstract: A method of aggregating 
one or more of a user's accounts, each of 
which is protected by one or more account 
access data keys which are personal to the 
user, each user account being maintained 
by an account managing organisation with 
details of the accounts being contained 
in an account managing organisation's 
database, said method including the steps 
of: establishing a linked data network 
between one or more user terminals, a 
custodian database, an aggregation means, 
and said account managing organisation 
or organisations database or databases; 
allowing a user, via a user terminal, to enter 
account access data keys into said custodian 
database for each of the user's accounts 
which the user chooses to aggregate; 
allowing a user to enter instructions via 
a said user terminal to the aggregation 
means to aggregate selected of said user's 
accounts; allowing the aggregation means 
under the instruction of the user to utilise 
said account access data keys from said 
custodian database for the purpose of 
using said keys to obtain account data from 
said database or databases of said account 
managing organisations; and allowing the 
user to access said account data from a said 
user terminal. 
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1 

Aggregation Service 

Field of the invention 

This invention relates to a network-based aggregation service for aggregating 
and compiling information from a variety of sources. In particular the invention relates 
5 to the aggregation of financial and investment account information. 

Background of the invention 

Internet based aggregation services whereby users holding multiple, separate 
accounts with different financial and/or investment institutions can access up to date 
information on all of their accounts via a single website, are known- The arrangement 

10 and operation of a typical aggregation service, as is currently known, is outlined 
schematically in figure 1. A user 10 subscribes to an aggregation service, appointing the 
aggregator as an agent 12. In doing so the user supplies the agent with confidential 
information (including account passwords, pin numbers and login data) allowing access 
to the users various accounts 16. The agent 12 is therefore effectively or actually 

1 5 granted power of attorney to access the user's accounts. The agent stores and maintains 
the users confidential details in a pin vault 14. Under instructions from the user the 
agent uses these confidential details to access and compile data from the users separate 
accounts 16. The user can view the aggregated data by, for example, logging onto the 
agent's website, or the agent might send the aggregated data to the user on a daily or 

20 weekly basis. 

There are a number of legal problems associated with account aggregation 
services such as that described above. In particular, in providing the agent with 
confidential login data, passwords and pin numbers the user is breaching confidentiality 
arrangements he would typically have made with the various institutions with which his 
25 accounts are held. Moreover allowing agent access to confidential account information 
may give rise to issues of breach of copyright or trespass. For these reasons such 
aggregation services could well be unlawful, or might subject the user to a loss of rights. 
The agent might find itself inadvertently assuming risks in relation to the user's 
accounts which the agent would rather not assume. 
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An object of the present invention is to overcome these legal and contractual 
difficulties inherent in the operation of prior art aggregation services. 

Summary of the invention 

According to a first aspect of the invention there is provided a method of 
5 aggregating one or more of a user's accounts, each of which is protected by one or more 
account access data keys which are personal to the user, each user account being 
maintained by an account managing organisation with details of the accounts being 
contained in an account managing organisation's database, the method includes the 
steps of: 

1 0 establishing a linked data network between one or more user terminals, a 

custodian database, an aggregation means, and said account managing organisation or 
organisations database or databases; 

allowing a user, via a user terminal, to enter account access data keys into 
said custodian database for each of the user's accounts which the user chooses to 
15 aggregate; 

allowing a user to enter instructions via a said user terminal to the 
aggregation means to aggregate selected of said user's accounts; 

allowing the aggregation means under the instruction of the user to utilise 
said account access data keys from said custodian database for the purpose of using said 
20 keys to obtain account data from said database or databases of said account managing 
organisations; and 

allowing the user to access said account data from a said user terminal. 

According to a second aspect of the present invention there is provided a system 
for aggregating one or more of a user's accounts, each of which is protected by one or 
25 more account access data keys which are personal to the user, each user account being 
maintained by an account managing organisation with details of the accounts being 
contained in an account managing organisation's database, the system comprising a 
linked data network between one or more user terminals, a custodian database, an 
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aggregation means, and said account managing organisation or organisations database or 
databases, said aggregation means being adapted to, under the instruction of the user, 
utilise said account access data keys from said custodian database for the purpose of 
using said keys to obtain account data from said database or databases of said account 
5 managing organisations; wherein in use: 

a user, via a user terminal, enters account access data keys into said 
custodian database for each of the user's accounts which the user chooses to aggregate; 

said user enters instructions via a said user terminal to the aggregation 
means to aggregate selected of said user's accounts; and 

10 said user accesses aggregated account data from a said user terminal. 

Preferably said account access data keys are electronically readable data strings 
such as pin numbers or passwords. 

In a preferred embodiment, said aggregation means and said custodian database 
are controlled and managed by separate organisations. 

15 Preferably said account access data keys are not stored in any part of the memory 

of said aggregation means so that said aggregation means is required to obtain 
instructions from the user to utilise said account access data keys from said custodian 
database for every aggregation operation. 

Preferably said linked data network is accessible by users over a computer 
20 network, such as the Internet. Preferably said aggregation means is a computer program 
operated by said aggregator and usable by users via said computer network. 

In a preferred embodiment said aggregation will be performed substantially 
instantaneously according to instructions issued from a user at the time said user is 
accessing the linked data network. 

25 Alternatively, said aggregation may be performed, on instructions of said user, 

on a regular basis, such as daily, weekly, or monthly. 

It is envisaged that the custodian database will operate in much the same manner 
as a bank security box system will operate, wherein the account access data keys of a 
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user's accounts to be aggregated are held in a secure data vault, and the aggregator (the 
person or entity operating the aggregation means) will have no authority to have access 
to the contents of the custodian database, except in specified circumstances, which 
would be outside of the ambit of providing aggregation facilities, but may include the 
5 occurrence of natural disasters, issuance of court orders compelling disclosure or a 
change in provider of the data vault. A custodian, being an entity separate from the 
aggregator, will manage and control the secure data vault and similarly will also not 
have access to the contents of the data vault 

The system is advantageous in that the user is able to utilise the facilities of the 
10 aggregation means to perform aggregation of his or her accounts, but it is the user who 
is performing the account interrogations, using the account access data keys. In basic 
concept the aggregator merely provides a "conduit" through which the user himself or 
herself is able to perform the aggregation without the user's confidential login data, pin 
numbers and passwords or the like being disclosed to any third party, including the 
15 aggregator. 

Brief description of the drawings 

The various features and embodiments of the invention are described below, by 
way of example only, with reference to the accompanying drawings in which: 

Figure 1 is a flowchart illustrating the operation of an aggregation service 
20 according to the prior art; 

Figure 2 is a flowchart illustrating the operation of an aggregation service 
according to the present invention. 

Detailed description of the embodiments 

The components of a network based aggregation service according to a preferred 
25 embodiment of the invention are outlined in figure 2. According to this embodiment a 
user 5 enters into a contract with an aggregator who operates the aggregation means 20. 
The aggregator provides the user 5 with access to online aggregation software 30. 
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Initially the user 5 enters the particulars such as names, email address or the like, 
of the online accounts, investments, shareholdings, frequent flyer points, or other data 
sources which they propose to aggregate, into the aggregation means 20, using a user 
terminal 10. The user 5 also inputs, via the aggregation means 20, the account access 
5 data keys or "access information" required to access those data sources, into a custodian 
database, such as a PIN Vault 36, where they are held on a safe custody basis. By 
entering their access information into a custodian database, the user 5 does not disclose 
that information to a third party. The safe custody arrangement means that neither the 
custodian, nor the aggregator, has a right of access to the access information, leaving the 
10 user as the only party with authority to activate the access information and carry out 
aggregation. 

The aggregation of the user's account information from variety of different 
sources 16 is accomplished by the aggregation software 30. In practice aggregation of 
information would be performed at the request of the user 5. To view die results of an 

15 aggregation the user 5, using their user terminal 10, accesses a website of the 
aggregation means 20 and enters a user identification and password, then selects an 
option which allows them access to the aggregated data from the aggregation means 20. 
If a user wishes to receive an updated aggregation, the user 10 accesses the a website of 
the aggregation means 20 and clicks a button "Refresh". The "Refresh" selection 

20 initiates the aggregation and updating of aggregated data currently stored. It is envisaged 
that a variety of "Refresh" options may be made available to users. For example it may 
be possible for a user to change to have aggregations performed on a regular basis, such 
as daily or weekly, or on an 'as needed' basis. 

The user 5 uses the aggregation software 30 of the aggregation system 20 to send 
25 and receive data signals to, and from the different information sources 16. The user's 
signals may travel to the target websites of the different sources 16, gather the data, and 
return it in a prescribed format to the user 5 via network. The user's signals will include 
their account access data keys which the user requires to carry out the aggregation 
process. 
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In a preferred form of the invention the user is provided with PIN vault access 
data keys as indicated by block 32 which must be in place before access information can 
be obtained from the PIN vault 36 and access granted to the user's accounts 16. Thus, 
without the PIN vault access data keys being in position, no aggregation of the user's 
5 accounts will be possible. The PIN vault access data keys might conveniently comprise 
a password or some other form of data string which will be in the sole control of the 
user 5, thereby further distancing the aggregator from having any control over the access 
data stored in the PIN vault 36. 

In addition, the user's aggregated data might be stored in a data storage facility 
10 34 which is separate from the aggregation means 20. The data storage facility 34 is 
preferably web accessible and may form part of the aggregator's website, or be 
accessible through the aggregator's website, but need not be a part of the aggregator's 
web accessible data. 

It will be appreciated that by having user-controlled account access data keys 
15 which are entirely at the discretion of the user to activate or deactivate, the system is 
brought into the control of the user. The aggregator cannot perform aggregation 
services without obtaining access data, from the pin vault, and the account access data 
keys are the controlling element which must be in place before any access data may be 
employed for access purposes. Other forms of user control of the access data are 
20 possible. 

According to the present invention the aggregator merely provides a "conduit" 
through which the user himself or herself is able to perform the aggregation. A critical 
feature of the invention therefore is that the information in the PIN vault 36, in which 
the user's confidential login data, pin numbers and passwords are stored, is not 
25 disclosed to any third party, including the aggregator. When a user registers for the 
aggregation service the user inputs the details of accounts to be aggregated along with 
the relevant pin numbers and passwords. Items of this data personal, and known only to 
the user 5, are stored directly in the PIN vault 36, and are accessible only by the user. 
Preferably the user has an electronic key (such as the PIN vault access key) for 
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activating or deactivating the aggregation service, and the aggregation service will not 
operate for a particular user unless that key is in place. 

As it is the user who is the active party and will use the aggregator's software 
and hardware , it will, for all intents and purposes, be the user who makes the contact 
5 with the financial institutions 16 with which the user has accounts and provides the 
relevant access data to enable the account information to be obtained from those 
financial institutions. 

The account information which is obtained from the financial institutions 16 will 
be provided to the user for his or her exclusive and confidential use. The user may 
10 choose to provide the aggregator with a copy of the account information which the 
aggregator has obtained, but that will be a separate arrangement with the aggregator 
which the user may or may not choose to enter into. 

It is envisaged that the present invention will be implemented via the Internet 
Each registered use of the system will be allocated a specific unique summary web page 
1 5 from which they are able to instruct the aggregation of data and view aggregated data. 

As a further embodiment of the present system, an auto-login function may be 
incorporated into the system enabling users to log on directly to a website from their 
unique summary web page for the purpose, for example, of conducting transactions at 
that website, rather than having to re-enter login details for each separate service 

20 provider. For example, when a user wishes to access their details from a particular 
service provider they will be prompted with a message such as "Do you wish to be 
logged on?" or similar. If the user answers yes to this message, the user's user ID and 
password will be passed on to the service and they will be taken directly into the website 
of the service provider. If the user answers no to the message, they will be taken to the 

25 logon page. 

It is envisaged that the aggregation system of the present invention may be 
implemented either using known so-called screen scraping technology, or alternatively 
using a 'direct feed' model which may enable fester and more efficient data retrieval. 
According to this direct feed model, the aggregator would enter into a formal agreement 
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with other institutions, from which aggregation system user's information is to be 
aggregated, allowing the aggregator to obtain direct downloads (or "feeds") of 
information. Thus when the aggregation system requests access to customer 
information from the institution in question, the institution confirms the system is 
5 authorised to access that information (demonstrated by the user's account number, 
password and user name). Once access is confirmed, the institution transmits the 
requested user information to the aggregation system using a standard communication 
protocol. The aggregation system then displays this information to the user via the 
aggregator website, and more particularly via the user's unique summary web page. 

10 The documentation following, entitled "my on-line summary: Aggregation 

Service" sets out the terms of the type which the applicant might reach with a user for 
using an aggregation system of the type defined in this document The aforesaid 
documentation contains additional details of the preferred system which is proposed to 
be used by the applicant, and forms part of this specification. 

15 

It will be appreciated that the "conduif ' model described in this specification in 
relation to an aggregation service is also applicable to other on-line services. For 
example this "conduif* model may be applied to an on-line payment system, such as 
cash transfer operations in which a secure funds clearing box may be provided, 
20 accessible only to a user and funds transfer may be initiated by a user request in the form 
of an email. Additionally the 'conduit* model may also be used in relation to a host of 
other on-line transactions where security and user-activated requests are beneficial, 
including financial planning tools and e-commerce banking in general. 

It will be understood that the invention disclosed and defined herein extends to 
25 all alternative combinations of two or more of the individual features mentioned or 
evident from the text or drawings. All of these different combinations constitute various 
alternative aspects of the invention. 
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The foregoing describes embodiments of the present invention and 
modifications, obvious to those skilled in the art can be made thereto, without departing 
from the scope of the present invention. 
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my online summary 

Aggregation Service 
Terms 

The Commonwealth Bank of Australia invites you to join our my online summary 
Aggregation Service (the "Service"). The purpose of the Service is to provide you with the 
means of aggregating and ultimately better analysing your financial, investment and other 
information accessible through the internet and held by different parts of the Commonwealth 
Bank Group or by other organisations with whom you may have online relationships, such as 
other financial institutions or stockbrokers ("Service Providers"). 

Below we set out the Terms of the Service. We advise you to read them in full and be 
sure that you understand them. If these Terms are acceptable to you, please click on the 
"accept" box that appears at the end of the Terms. By so doing you agree to be bound by these 
Terms. 

The Service to be Provided 

• The Service allows you to aggregate account, financial, investment and other 
information held online with the Commonwealth Bank Group or by other Service 
Providers. 

How the Service Works 

• * When you join the Service, you will provide to us your name, email address, home 

address including postcode and any other personal information we require ("Personal 
Information") and the identities of the online accounts, investments, shareholdings, 
frequent flyer points, email addresses or other data sources which you propose to 
aggregate ("Accessible Data"). You may from time to time add to or delete from your 
Accessible Data. 

• You will also input into a PIN Vault the login names, User IDs, PINs, passwords and 
access codes ("Login Information") to your Accessible Data. The PIN Vault is a 
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secure computer environment in which your Login Information will be housed on a 
safe custody basis. 

• You will choose a Customer Identification ID and password. You will need to input 
these to gain online access to the Service. When you access the Service, you will be 
able to view the aggregated information which a routine process will produce with 
respect to your Accessible Data ("Aggregated Data"). 

• You will need to provide and maintain all telephone and other equipment (other than 
any software provided to you from time to time by us for the purposes of the Service) 
needed to use the Service. 

• If you forget your Customer Identification ID and password for the Service you will 
need to re-register for the Service to obtain a new one. 

• At this stage no fees are charged for the Service. However, we may, following notice 
to you, impose fees at a later time. 

Use of Login Information 

1 . Use of the Login Information you have input into the PIN Vault is strictly limited as 
follows: 

• When you enter information relating to a data source you propose to aggregate (eg 
when you join the Service or add a new Service Provider), you initiate a process 
whereby you automatically activate the Login Information relating to that data source 
to obtain initial Aggregated Data from it. 

• When you subsequently access the Service, you may "refresh" (initiate an updating of) 
the Aggregated Data from some or all of your data sources, in which case once again 
you automatically activate the appropriate Login Information for that purpose. 

• Should you cancel the Service either entirely or in respect of a particular online site, or 
amend your Login Information, you thereby automatically delete the relevant Login 
Information. Similarly, if we terminate all or part of the Service, the relevant Login 
Information is also automatically deleted. 
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Your Login Information is not otherwise accessible to you (apart from when you use 
the "Autologjn" feature to directly connect yourself to your Service Provider), or 
known or accessible to us or to the custodian we use for the PIN Vault (except in the 
case of emergency or where there is a change in the custodian we use for the PIN 
Vault, in which case all due care will be taken to maintain the security of your Login 
Information). 

The PIN Vault may be located outside Australia and you consent to the housing of 
your Login Information in that location. 

Privacy 

We will hold your Personal Information and Accessible Data and may hold your 
Aggregated Data. We will not disclose any of it except as provided below or where 
you have consented or we are required or permitted by law to do so. 

The Privacy Policy contained on the my online summary site, from time to time, also 
contains statements about your privacy and data protection and applies to your use of 
the my online summary site and the Service. 

By joining the Service you consent to us using your Personal Information, Accessible 
Data and Aggregated Data (which may include credit information about you) and 
disclosing it to other Commonwealth Bank Group entities for the purpose of analysis. 
In performing this analysis we and members of the Commonwealth Bank Group may 
use such information with data from other sources. 

Unless you notify us otherwise, you consent to us using your Personal Information, 
Accessible Data and Aggregated Data and disclosing it to other Commonwealth Bank 
Group entities for the purposes of marketing products and services to you from time to 
time. 

We may contact you regarding any matter relevant to the Service. We may also use 
your Personal Information, Accessible Data and Aggregated Data to improve the 
operation of the Service and to develop usage data. 
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You consent to us using, or sharing with third parties, your Aggregated Data for the 
purposes of statistical analysis of market trends or to compile aggregated data which 
does not personally identify you or any other user of the Service. 

You consent to disclosure of your Personal Information, Accessible Data and 
Aggregated Data to third parties, to the extent that such disclosure may occur in the 
provision of the Service. You also consent to the disclosure of your Personal 
Information, Accessible Data and Aggregated Data to third party suppliers who 
conduct specialised activities on our behalf which are necessary to our business 
operations, for example, mailing houses. We will only disclose such information to 
these third party suppliers on a confidential basis and for the limited purpose of 
conducting the specialised activity. 

Our Liability for Unauthorised Transactions 

We are responsible for any losses you suffer as a result of unauthorised transactions on 
your online accounts due to fraud or negligence arising in connection with our 
providing the Service to you. 

However, you must notify us immediately you become aware of any such unauthorised 
transactions or come to suspect that they may occur. If you fail to do so, we will not 
be liable in respect of any further losses you suffer. 

In addition, if the Service Provider of the account in question is not us, you must: 
contact your Service Provider, 

follow the procedures agreed with that Service Provider to investigate and resolve the 
matter, and 

require the Service Provider to remedy or compensate you for any losses you may have 
suffered to the extent the law allows. 
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If you fail to do any of these things, we will not be liable in respect of any 
relevant loss. 

Limitations on our responsibility 
You acknowledge that: 

there may be a high level of variability in up-to-dateness between and within sites 
operated by your Service Providers; and 

the information accessed from your Service Providers may be out-of-date or 
inaccurate. 

Subject to your statutory rights, we are not liable if you suffer loss because: 

the Service is interrupted, slow, unreliable or contains errors; or 

the results obtained through the Service are inaccurate or out-of-date. 

The Service is provided without seeking any prior consent of your Service Providers 
and we have no contractual arrangements with them regarding the Service. 

References to any names, marks, products or services of third parties or hypertext links 
to third party sites and/or information do not necessarily indicate their endorsement of 
the Service or the information obtained from them. 

We do not accept responsibility for any charges you may incur from any of your 
Service Providers by using the Service. 

Term 

These Terms apply from the time you signify your acceptance of the Terms by clicking 
on the "accept" box at the end of these Terms. 

You or we may terminate the provision of the Service to you without reason or prior 
notice. 
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If you wish to tenninate, follow the online procedure for cancelling enrolment 

We may terminate by an online communication, by publishing a notice in at least one 
newspaper generally circulated in your State or Territory, or by such other means as 
may be reasonable in the circumstances. 

On termination, you will cease to have the right to use the Service. In all other 
respects the Terms continue to apply as appropriate. 

Other Rights you Acknowledge that we have 

We may rely on advertisers and sponsors to help fund the Service. We may display 
advertisements and promotions of all kinds in and with die Service. We may have 
agreements with websites including revenue sharing from advertising or transactions. 

Your Other Responsibilities 

You agree to provide true, accurate and current Personal Information and Accessible 
Data, as requested in our registration form and to keep your Personal Information and 
Accessible Data up to date. You also agree to input correct and current Login 
Information into the PIN Vault, and to keep your Login Information up to date. 

You agree not to disclose your Customer Identification ID and password for the 
Service to anybody, and to take such measures as you reasonably can to prevent others 
from discovering or using your Customer Identification ID and password. You also 
agree to notify us immediately of any unauthorised use of your Customer Identification 
ID and password for the Service, or of any other breach or possible breach of security. 
Subject to your statutory rights, if you breach these responsibilities, you will be 
responsible for any resulting unauthorised transactions. 

You may not use the Service to conduct any business or activity that is unlawful You 
must comply with all applicable laws, rules, regulations and industry codes of conduct 
in connection with the Service. 
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You have various obligations under the terms and conditions you have agreed with 
your Service Providers. You warrant to us that your input of the Login 
Information into the PIN Vault and your use of the Service do not contravene 
those terms and conditions. If you have any doubts as to this, we advise you to 
contact your Service Providers. You must notify us if at any time you become aware of 
any such breach. 

The Service is available to Australian residents only. You warrant to us that you are 
an Australian resident and undertake to notify us immediately if you become a 
resident of another country- 
Effect on other Arrangements with Commonwealth Bank Group 

These Terms are intended to apply only to the Service, and they modify or otherwise 
effect the terms of any other arrangements you may have with us only to the extent 
necessary for the purpose of facilitating the Service. 

Intellectual Property Matters 

Commonwealth Bank Group names, trademarks, logos, designs and slogans are owned 
by members of the Commonwealth Bank Group. You may not use them in any 
advertising, publicity or other commercial manner without the prior written consent of 
the relevant owner. You may use, copy and distribute the materials found on the 
Service for internal, non-commercial, informational purposes only. All copies that you 
make of the material must bear any copyright, trademark or other proprietary notice 
that pertains to the material being copied. Except as authorised in these Terms, you are 
not being granted a licence under any copyright, trademark, patent or other intellectual 
property right in the material or the products, services, processes or technology 
described therein. 

Any feedback (including comments, questions, suggestions, criticisms or ideas) that 
you send to us will be treated as being non-confidential and non-proprietary. We may 
use any ideas, concepts, know-how or techniques contained in such feedback for any 
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purpose whatsoever (including developing, manufacturing and marketing products and 
services incorporating such infonnation). 

Trademarks contained on or associated with the Service that are not owned by 
Commonwealth Bank Group members are the trademarks of their respective owners. 

Changes to the Service or these Terms 

We may discontinue, suspend or alter any aspect of the Service (eg the online sites 
available for aggregation) at any time. We will use reasonable efforts to notify you (eg 
by posting information on the site). 

We may change these Terms at any time. We will take reasonable steps to notify you 
by e-mail or we will refer you to the changes the next time you use the Service. Your 
continued use of the Service is acceptance of the changed Terms. 

Contact us if a problem arises 

Contact us as soon as possible if you think: 

any unauthorised transactions have occurred on your online accounts; or 

we have not complied with our obligations under these Terms. 

For unauthorised transactions, if the Service Provider of the account in 
question is not us, you should also contact your Service Provider. 

If we dispute your claim but are unable to resolve the dispute immediately, we will 
indicate to you the time needed to investigate your claim. We will report to you as 
soon as possible and generally within 10 business days, giving you the reasons for our 
decision. 

If we conclude from our investigations that your claim is unfounded, you may ask us 
to: 

review our investigation; or 
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• give you a copy of the material on which we based our decision. (We cannot however 
give you material which may breach a confidence, legal duty or obligation or which 
may adversely affect security). 

• If you are not satisfied with our answer, we will advise you of other avenues of dispute 
resolution available to you. 

Miscellaneous 

• We may assign our rights under these Terms at any time without notice. 

• These Terms are governed by the laws of New South Wales 

Defined Terms 

• We means: 

The Commonwealth Bank of Australia and its staff and other agents. Any other 
grammatical form of the word "we", along with "our" and "us" has a corresponding 
meaning. 

• Commonwealth Bank Group means: 

The Commonwealth Bank of Australia and its related entities, such as (at 
present) ASB Bank Limited, Commonwealth Life Limited, Commonwealth Investment 
Services Limited, Commonwealth Funds Management Limited and Commonwealth Custodial 
Services Limited. 
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Claims 

1. A method of aggregating one or more of a user's accounts, each of which is 
protected by one or more account access data keys which are personal to the user, each 
user account being maintained by an account managing organisation with details of the 
5 accounts being contained in an account managing organisation's database, said method 
including the steps of: 

establishing a linked data network between one or more user terminals, a 
custodian database, an aggregation means, and said account managing organisation or 
organisations database or databases; 

1 0 allowing a user, via a user terminal, to enter account access data keys into 

said custodian database for each of the user's accounts which the user chooses to 
aggregate; 

allowing a user to enter instructions via a said user terminal to the 
aggregation means to aggregate selected of said user's accounts; 

1 5 allowing the aggregation means under the instruction of the user to utilise 

said account access data keys from said custodian database for the purpose of using said 
keys to obtain account data from said database or databases of said account managing 
organisations; and 

allowing the user to access said account data from a said user terminal. 

20 2. A method of aggregating one or more of a user's accounts as claimed in claim 1 
wherein said account access data keys are electronically readable data strings such as pin 
numbers or passwords. 

3. A method of aggregating one or more of a user's accounts as claimed in claim 1 
or 2 wherein said aggregation means and said custodian database are controlled and 

25 managed by separate organisations. 

4. A method of aggregating one or more of a user's accounts as claimed in any one 
of the preceding claims wherein said account access data keys are not stored in any part 
of die memory of said aggregation means so that said aggregation means is required to 
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obtain instructions from the user to utilise said account access data keys from said 
custodian database for every aggregation operation. 

5. A method of aggregating one or more of a user's accounts as claimed in any one 
of the preceding claims wherein said linked data network is accessible by users over a 

5 computer network, such as the Internet 

6. A method of aggregating one or more of a user's accounts as claimed in any one 
of the preceding claims wherein said aggregation means is a computer program operated 
by said aggregator and usable by users via said computer network. 

7. A method of aggregating one or more of a user's accounts as claimed in any one 
10 of the preceding claims wherein said aggregation is performed substantially 

instantaneously according to instructions issued from a user at the time said user is 
accessing the linked data network. 

8. A method of aggregating one or more of a user's accounts as claimed in any one 
of claims 1 to 6 wherein said aggregation is performed, on instructions of said user, on a 

1 5 regular basis, such as daily, weekly, or monthly. 

9. A system for aggregating one or more of a user's accounts, each of which is 
protected by one or more account access data keys which are personal to the user, each 
user account being maintained by an account managing organisation with details of the 
accounts being contained in an account managing organisation's database, the system 

20 comprising a linked data network between one or more user terminals, a custodian 
database, an aggregation means, and said account managing organisation or 
organisations database or databases, said aggregation means being adapted to, under the 
instruction of the user, utilise said account access data keys from said custodian 
database for the purpose of using said keys to obtain account data from said database or 

25 databases of said account managing organisations; wherein in use: 

a user, via a user terminal, enters account access data keys into said 
custodian database for each of the user's accounts which the user chooses to aggregate; 
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said user enters instructions via a said user terminal to the aggregation 
means to aggregate selected of said user's accounts; and 

said user accesses aggregated account data from a said user terminal. 

wherein said account access data keys are electronically readable data strings such as pin 
5 numbers or passwords. 

10. A system for aggregating one or more of a user's accounts as claimed in claim 9 
wherein said aggregation means and said custodian database are controlled and managed 
by separate organisations. 

11. A system for aggregating one or more of a user's accounts as claimed in claim 9 
10 or 10 wherein said account access data keys are not stored in any part of the memory of 

said aggregation means so that said aggregation means is required to obtain instructions 
from the user to utilise said account access data keys from said custodian database for 
every aggregation operation- 

12. A system for aggregating one or more of a user's accounts as claimed in any one 
15 of claims 9 to 11 wherein said linked data network is accessible by users over a 

computer network, such as the Internet. 

13. A system for aggregating one or more of a user's accounts as claimed in any one 
of claims 9 to 12 wherein said aggregation means is a computer program operated by 
said aggregator and usable by users via said computer network. 

20 14. A system for aggregating one or more of a user's accounts as claimed in any one 
of claims 9 to 13 wherein said aggregation is performed substantially instantaneously 
according to instructions issued from a user at the time said user is accessing the linked 
data network. 

15. A system for aggregating one or more of a user's accounts as claimed in any one 
25 of claims 9 to 13 wherein said aggregation is performed, on instructions of said user, on 

a regular basis, such as daily, weekly, or monthly. 

16. A method for aggregating one or more of a user's accounts substantially as 
herein described with reference to Figure 2 of the accompanying drawings. 



SUBSTITUTE SHEET (RULE 26) RO/AU 



WO 02/42952 



PCT/AU01/01519 



22 

17. A system for aggregating one or more of a user's accounts substantially as herein 
described with reference to Figure 2 of the accompanying drawings. 
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